Bug#729148: Memory corruption vulnerability when using AES-GCM

To: Patrick Godschalk <argure@argure.nl>
Cc: 729148@bugs.debian.org
Subject: Bug#729148: Memory corruption vulnerability when using AES-GCM
From: GUO Yixuan <culu.gyx@gmail.com>
Date: Sat, 9 Nov 2013 10:54:33 -0500
Message-id: <[🔎] 20131109155432.GA26176@gmail.com>
Reply-to: GUO Yixuan <culu.gyx@gmail.com>, 729148@bugs.debian.org
In-reply-to: <[🔎] 1384009730.15433.10.camel@alderaan.argure.nl>
References: <[🔎] 1384009730.15433.10.camel@alderaan.argure.nl>

Hi,

On Sat, Nov 09, 2013 at 04:08:50PM +0100, Patrick Godschalk wrote:
> Package: openssh-server
> Version: 1:6.2p2-6~bpo7
> Severity: grave
> Tags: patch, security, fixed-upstream
> 
> The recent security advisory from OpenSSH upstream dated 2013-11-07
> mentions that "a memory corruption vulnerability exists in the
> post-authentication sshd process when an AES-GCM cipher
> (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during
> kex exchange."
> 
> "If exploited, this vulnerability might permit code execution with the
> privileges of the authenticated user and may therefore allow bypassing
> restricted shell/command configurations."
> 
> This only applies to OpenSSH 6.2 and 6.3 built against OpenSSL
> supporting AES-GCM. It has been fixed in upstream, OpenSSH 6.4.
> 

This seems to be the same as #729029?

Cheers,

GUO Yixuan

Reply to:

Follow-Ups:
- Bug#729148: Memory corruption vulnerability when using AES-GCM
  - From: Colin Watson <cjwatson@debian.org>

References:
- Bug#729148: Memory corruption vulnerability when using AES-GCM
  - From: Patrick Godschalk <argure@argure.nl>

Prev by Date: Processed: Re: Bug#729029: openssh: Memory corruption in AES-GCM support
Next by Date: Bug#729148: Memory corruption vulnerability when using AES-GCM
Previous by thread: Bug#729148: Memory corruption vulnerability when using AES-GCM
Next by thread: Bug#729148: Memory corruption vulnerability when using AES-GCM
Index(es):
- Date
- Thread